An expression of the form "1 << x" is undefined if x == 31 because
the "1" is an int and cannot be left shifted by 31.
Instead, use "UINT32_C(1) << x" which will be an unsigned int of
at least 32 bits.
Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
---
libselinux/src/mapping.c | 22 +++++++++++-----------
libselinux/src/stringrep.c | 8 ++++----
2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/libselinux/src/mapping.c b/libselinux/src/mapping.c
index 96395fd4..dd2f1039 100644
--- a/libselinux/src/mapping.c
+++ b/libselinux/src/mapping.c
@@ -144,9 +144,9 @@ unmap_perm(security_class_t tclass, access_vector_t tperm)
access_vector_t kperm = 0;
for (i = 0; i < current_mapping[tclass].num_perms; i++)
- if (tperm & (1<<i)) {
+ if (tperm & (UINT32_C(1)<<i)) {
kperm |= current_mapping[tclass].perms[i];
- tperm &= ~(1<<i);
+ tperm &= ~(UINT32_C(1)<<i);
}
return kperm;
}
@@ -191,7 +191,7 @@ map_perm(security_class_t tclass, access_vector_t kperm)
for (i = 0; i < current_mapping[tclass].num_perms; i++)
if (kperm & current_mapping[tclass].perms[i]) {
- tperm |= 1<<i;
+ tperm |= UINT32_C(1)<<i;
kperm &= ~current_mapping[tclass].perms[i];
}
@@ -216,30 +216,30 @@ map_decision(security_class_t tclass, struct av_decision *avd)
for (i = 0, result = 0; i < n; i++) {
if (avd->allowed & mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
else if (allow_unknown && !mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
}
avd->allowed = result;
for (i = 0, result = 0; i < n; i++) {
if (avd->decided & mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
else if (allow_unknown && !mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
}
avd->decided = result;
for (i = 0, result = 0; i < n; i++)
if (avd->auditallow & mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
avd->auditallow = result;
for (i = 0, result = 0; i < n; i++) {
if (avd->auditdeny & mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
else if (!allow_unknown && !mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
}
/*
@@ -248,7 +248,7 @@ map_decision(security_class_t tclass, struct av_decision *avd)
* a bug in the object manager.
*/
for (; i < (sizeof(result)*8); i++)
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
avd->auditdeny = result;
}
}
diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c
index 012a740a..2fe69f43 100644
--- a/libselinux/src/stringrep.c
+++ b/libselinux/src/stringrep.c
@@ -229,7 +229,7 @@ access_vector_t string_to_av_perm(security_class_t tclass, const char *s)
size_t i;
for (i = 0; i < MAXVECTORS && node->perms[i] != NULL; i++)
if (strcmp(node->perms[i],s) == 0)
- return map_perm(tclass, 1<<i);
+ return map_perm(tclass, UINT32_C(1)<<i);
}
errno = EINVAL;
@@ -261,7 +261,7 @@ const char *security_av_perm_to_string(security_class_t tclass,
node = get_class_cache_entry_value(tclass);
if (av && node)
for (i = 0; i<MAXVECTORS; i++)
- if ((1<<i) & av)
+ if ((UINT32_C(1)<<i) & av)
return node->perms[i];
return NULL;
@@ -279,7 +279,7 @@ int security_av_string(security_class_t tclass, access_vector_t av, char **res)
/* first pass computes the required length */
for (i = 0; tmp; tmp >>= 1, i++) {
if (tmp & 1) {
- str = security_av_perm_to_string(tclass, av & (1<<i));
+ str = security_av_perm_to_string(tclass, av & (UINT32_C(1)<<i));
if (str)
len += strlen(str) + 1;
}
@@ -303,7 +303,7 @@ int security_av_string(security_class_t tclass, access_vector_t av, char **res)
ptr += sprintf(ptr, "{ ");
for (i = 0; tmp; tmp >>= 1, i++) {
if (tmp & 1) {
- str = security_av_perm_to_string(tclass, av & (1<<i));
+ str = security_av_perm_to_string(tclass, av & (UINT32_C(1)<<i));
if (str)
ptr += sprintf(ptr, "%s ", str);
}
--
2.31.1
